There's certainly nothing wrong with forcing your users to pass in credentials when they instantiate a copy of your service client, if that's what you want them to do.

However, you have to be careful. You can NEVER trust ANYTHING your consumers give you. So, say this is a web service, for which you are providing a service client API that just plugs in. You cannot be sure that the code that is calling your service is your service client, being used as you intended. Pretty much any communications protocol can be reverse-engineered as to its methodology and form, if not the exact data being sent in any given usage.

Therefore, if it is important for the user to be authenticated before doing anything else, I would check for authentication as the first step of any other task the service can perform. That does not preclude the development of a "login constructor", but it's an extra level of code security that protects you if a consumer should try to get around your implementation.